Details

Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
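
Because the fixes are backported, the upstream version number in the package name does not show which CVEs are patched. The script below is an added example, not part of the Red Hat advisory: it checks a package changelog for the CVE identifiers listed above, assuming the changelog names each CVE it fixes (an assumption, not stated in the advisory); the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# CVE identifiers taken from the advisory text above.
ADVISORY_CVES="CVE-2010-4008 CVE-2010-4494 CVE-2011-0216 CVE-2011-1944
CVE-2011-2821 CVE-2011-2834 CVE-2011-3102 CVE-2011-3905 CVE-2011-3919
CVE-2012-0841 CVE-2012-5134"

# Read an RPM changelog on stdin; print every advisory CVE it does not mention.
missing_cves() {
    changelog=$(cat)
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: whole word, so a longer identifier cannot satisfy the check
        printf '%s\n' "$changelog" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Audit an installed package (default: mingw32-libxml2).
# Returns 0 if the package is absent or every CVE is referenced, 1 if some are
# missing, 2 if rpm is unavailable. Assumes the changelog names the CVEs it fixes.
audit_package() {
    pkg=${1:-mingw32-libxml2}
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "$pkg: not installed"
        return 0
    fi
    missing=$(rpm -q --changelog "$pkg" | missing_cves)
    if [ -n "$missing" ]; then
        echo "$pkg: changelog does not reference:"
        echo "$missing" | sed 's/^/  /'
        return 1
    fi
    echo "$pkg: changelog references all advisory CVEs"
}

# Constructed sample changelog (not real package data); it deliberately omits
# CVE-2012-0841 and CVE-2012-5134 to show what an incomplete update looks like.
sample_changelog() {
    cat <<'EOF'
* Tue Jan 01 2013 Example Packager <packager@example.com> - 0-1
- Fix heap-based buffer overflow in entity decoding (CVE-2011-3919)
- Fix XPath flaws (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834)
- Fix heap-based buffer overflows (CVE-2011-0216, CVE-2011-3102)
- Fix integer overflow in XPath parsing (CVE-2011-1944)
- Fix out-of-bounds read (CVE-2011-3905)
EOF
}
```

Source the file and run `audit_package` on the host to check the installed package; `sample_changelog | missing_cves` shows the output format without needing rpm.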